Lucene search

70 matches found

Tenable Nessus
added 2026/01/22 12:0 a.m. | 1 views

Azure Linux 3.0 Security Update: uriparser (CVE-2024-34402)

The version of uriparser installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-34402 advisory. - An issue was discovered in uriparser through 0.9.7. ComposeQueryEngine in UriQuery.c has an integer...

8.6 CVSS | 6.2 AI score | 0.00506 EPSS
Exploits: 0 | References: 2

RedhatCVE
added 2026/01/13 11:20 p.m. | 3 views

CVE-2024-58339

LlamaIndex run-llama/llama_index versions up to and including 0.12.2 contain an uncontrolled resource consumption vulnerability in the VannaPack VannaQueryEngine implementation. The custom_query logic generates SQL statements from a user-supplied prompt and executes them via vn.run_sql without...

8.7 CVSS | 7.4 AI score | 0.00159 EPSS
Exploits: 1 | References: 1

NVD
added 2026/01/12 11:15 p.m. | 1 views

CVE-2024-58339

LlamaIndex run-llama/llama_index versions up to and including 0.12.2 contain an uncontrolled resource consumption vulnerability in the VannaPack VannaQueryEngine implementation. The custom_query logic generates SQL statements from a user-supplied prompt and executes them via vn.run_sql without...

8.7 CVSS | 0.00159 EPSS
Exploits: 1 | References: 4

Vulnrichment
added 2026/01/12 11:4 p.m. | 1 views

CVE-2024-58339 LlamaIndex <= 0.12.2 VannaQueryEngine SQL Execution Allows Resource Exhaustion

LlamaIndex run-llama/llama_index versions up to and including 0.12.2 contain an uncontrolled resource consumption vulnerability in the VannaPack VannaQueryEngine implementation. The custom_query logic generates SQL statements from a user-supplied prompt and executes them via vn.run_sql without...

8.7 CVSS | 7.1 AI score | 0.00159 EPSS
Exploits: 1 | References: 4

Cvelist
added 2026/01/12 11:4 p.m. | 15 views

CVE-2024-58339 LlamaIndex <= 0.12.2 VannaQueryEngine SQL Execution Allows Resource Exhaustion

LlamaIndex run-llama/llama_index versions up to and including 0.12.2 contain an uncontrolled resource consumption vulnerability in the VannaPack VannaQueryEngine implementation. The custom_query logic generates SQL statements from a user-supplied prompt and executes them via vn.run_sql without...

8.7 CVSS | 0.00159 EPSS
Exploits: 1 | References: 4

CVE
added 2026/01/12 11:4 p.m. | 10 views

CVE-2024-58339

Summary: CVE-2024-58339 affects LlamaIndex up to 0.12.2, due to an uncontrolled resource‑consumption path in the VannaQueryEngine. The vulnerable code is in llama_index/packs/vanna/base.py, inside custom_query(), where SQL is generated from a user‑supplied prompt and executed via vn.run_sql() wit...

8.7 CVSS | 7.1 AI score | 0.00159 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2016-0351

Malware in sbrugna...

5.4 CVSS | 5.8 AI score | 0.00168 EPSS
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2015-7408

Malware in sbrugna...

4.3 CVSS | 4.9 AI score | 0.00119 EPSS
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2013-6519

Malware in sbrugna...

4 CVSS | 6.4 AI score | 0.01744 EPSS
Exploits: 0 | References: 10

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2017-10506

Malware in sbrugna...

5.3 CVSS | 5.5 AI score | 0.00285 EPSS
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2016-0352

Malware in sbrugna...

6.5 CVSS | 6.7 AI score | 0.00212 EPSS
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-31363

Malicious code in bioql PyPI...

6.5 CVSS | 6.5 AI score | 0.00137 EPSS
Exploits: 0 | References: 1

vulnersOsv
added 2025/07/07 10:44 a.m. | 1 views

airunner (>=3.0.0 <=3.1.14), llama-index-packs-arize-phoenix-query-engine (>=0.0.2 <=0.1.4) +2 more potentially affected by CVE-2025-3225 via llama-index-readers-web (>=0.0.1 <=0.3.5)

llama-index-readers-web PYPI version =0.0.1, =3.0.0, =0.0.2, =0.1.0, =0.1.0, =0.2.8 Source cves: CVE-2025-3225 Source advisory: SNYK:PYTHON-LLAMAINDEXREADERSWEB-10645574...

7.5 CVSS | 7 AI score | 0.00345 EPSS
Exploits: 1

RedhatCVE
added 2025/05/22 7:41 p.m. | 5 views

CVE-2021-31158

In the Query Engine in Couchbase Server 6.5.x and 6.6.x through 6.6.1, Common Table Expression queries were not correctly checking the user's permissions, allowing read-access to resources beyond what those users were explicitly allowed to access...

6.5 CVSS | 6.9 AI score | 0.00151 EPSS
Exploits: 0 | References: 1

vulnersOsv
added 2025/03/20 12:32 p.m. | 3 views

airunner (>=3.0.0 <=3.1.7), llama-index-packs-arize-phoenix-query-engine (>=0.0.2 <=0.1.4) +2 more potentially affected by CVE-2024-12910 via llama-index-readers-web (>=0.0.1 <=0.2.4)

llama-index-readers-web PYPI version =0.0.1, =3.0.0, =0.0.2, =0.1.0, =0.1.0, =0.2.8 Source cves: CVE-2024-12910 Source advisory: SNYK:PYTHON-LLAMAINDEXREADERSWEB-9510943...

5.9 CVSS | 5.8 AI score | 0.00351 EPSS
Exploits: 1

Microsoft CVE
added 2025/03/14 7:0 a.m. | 3 views

An issue was discovered in uriparser through 0.9.7. ComposeQueryEngine in UriQuery.c has an integer overflow via long keys or values, with a resultant buffer overflow.

...

8.6 CVSS | 7 AI score | 0.00506 EPSS
Exploits: 0

CNNVD
added 2024/11/23 12:0 a.m. | 1 views

IBM Db2 and IBM Watson Query Code Issue Vulnerability

IBM Db2 and IBM Watson Query are both products of the International Business Machines IBM Corporation. IBM Db2 is a relational database management system. The system executes on UNIX, Linux, IBM i, z/OS, and Windows server versions. IBM Watson Query is a general purpose query engine. Distributed and...

6.5 CVSS | 6.4 AI score | 0.00053 EPSS
Exploits: 0 | References: 2

OSV
added 2024/06/07 11:8 a.m. | 1 views

OESA-2024-1690 uriparser security update

The package is a strictly RFC 3986 compliant URI parsing library written in C89 ("ANSI C"). uriparser is cross-platform, fast, supports Unicode and is licensed under the New BSD license. There are a number of applications, libraries and hardware using uriparser, as well as bindings and 3rd-party...

8.6 CVSS | 7.5 AI score | 0.00506 EPSS
Exploits: 0 | References: 2

Amazon
added 2024/05/30 12:0 a.m. | 4 views

Medium: uriparser

Issue Overview: An issue was discovered in uriparser through 0.9.7. ComposeQueryEngine in UriQuery.c has an integer overflow via long keys or values, with a resultant buffer overflow. CVE-2024-34402 An issue was discovered in uriparser through 0.9.7. ComposeQueryMallocExMm in UriQuery.c has an...

8.6 CVSS | 7.6 AI score | 0.00506 EPSS
Exploits: 0

Vulnrichment
added 2024/05/14 10:3 a.m. | 13 views

CVE-2024-33647

A vulnerability has been identified in Polarion ALM All versions V2404.0. The Apache Lucene based query engine in the affected application lacks proper access controls. This could allow an authenticated user to query items beyond the user's allowed projects...

6.5 CVSS | 6.5 AI score | 0.00137 EPSS
Exploits: 0 | References: 1